Improving Security in Embedded Systems
Wind River
Felix Baum, Product Line Manager
The Challenge with Embedded Security
Business Imperatives
§ “I need to keep my production expenses as low as possible.”
§ “My products operate in a number of different environments and verticals.”
§ “My devices require network connectivity for M2M communication.”
Security Imperatives
§ “How do I provide adequate security with limited resources?”
§ “How do I protect my devices from Internet-based attacks?”
§ “How do I meet regulatory requirements specific to my industry?”
| © 2012 Wind River. All Rights Reserved. 3
PREPA: A House of Pain
Puerto Rico Electric Power Authority (PREPA)
Fiscal Year 2011 Financial Information: Assets $9.9B; Revenue $4.4B; Net income $706M; Fitch bond rating BBB+
Bad Guys: “Individuals with only a moderate level of computer knowledge”
Tools Used: “$400 tools and software readily available on the Internet”
Attack Vectors: Weak authentication credentials; magnetic interference
Financial Incentive: $300–$3,000/meter for hackers; lower utility bills for customers
Affected Devices: ~10% of smart meters in Puerto Rico
Source: 2010 FBI Cyber-Intelligence Bulletin
Start with a Bottom-up Approach
RTOS Threats: Mitigation Strategies
§ Boot-time threats
  – Trust
  – Authentication
§ Run-time attacks
  – Kernel
  – User space
  – Networking
Boot-Time Protection Strategy: Trust
§ Enable features offered by best-of-class silicon vendors, per specifications defined by Trusted Computing Group, to provide layered security from the moment power is applied.
Boot-Time Protection Strategy: Authentication
§ Trusted boot ROM will not help if the OS that it loads has not been signed and authenticated.
[Diagram: the boot ROM loads an unsigned VxWorks kernel image into memory with no check on its origin or integrity]
Boot-Time Protection Strategy: Authentication
§ To authenticate the binary OS image we need to ask two questions.
[Diagram: the boot ROM loads the VxWorks kernel image into memory; before running it we must answer two questions: did it come from OEM Inc.? Is it untampered?]
Boot-Time Protection Strategy: Authentication
§ Public/private key pair
[Diagram: OEM Inc. holds a key pair; the private key is the company secret, the public key can be distributed]
Boot-Time Protection Strategy: Authentication
§ Binary signature
[Diagram: the unsigned VxWorks kernel image is hashed (shown as 10110011); OEM Inc. encrypts the hash with its private key to produce the signature; decrypting the signature with the public key recovers the same hash, 10110011]
Boot-Time Protection Strategy: Authentication
§ Signed binary
[Diagram: the signature is attached to the unsigned VxWorks kernel image to form the signed VxWorks kernel image; the boot ROM is provisioned with OEM Inc.’s public key (boot ROM with key)]
Boot-Time Protection Strategy: Authentication
§ Signed binary loading
[Diagram: the boot ROM with key loads the signed VxWorks kernel image into memory, decrypts the signature with the public key to recover 10110011, hashes the image now in memory to get 10110011, and asks: Match?]
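The sign-and-verify flow on the preceding slides, carried through in code as an added example (this is not Wind River or VxWorks code). It follows the slides’ description literally: the OEM hashes the image and “encrypts” the hash with its private key, and the boot ROM, which holds only the public key, “decrypts” the signature and compares it with its own hash of the image actually loaded into memory. The key generation, the signature layout (64-byte signature prepended to the image), the function names and the sample kernel bytes are all assumptions made for the example; it uses unpadded textbook RSA over SHA-256 purely so that it runs with the Python standard library, whereas a production secure-boot chain uses a padded scheme such as RSASSA-PSS or ECDSA from a vetted library and keeps the private key in an HSM.

```python
"""Signed kernel image: sign at the OEM, verify in the boot ROM (added example)."""
import hashlib
import random

# Fixed seed so the constructed keys are reproducible run to run (demo only;
# real keys come from a hardware RNG and never leave the OEM's signing HSM).
_rng = random.Random(2012)

SIG_BYTES = 64  # 512-bit modulus -> 64-byte signature field in the signed image


def _is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = _rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = SIG_BYTES * 8):
    """Return ((e, n), (d, n)): the public key is burned into the boot ROM,
    the private key is OEM Inc.'s company secret."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, p * q), (d, p * q)


def image_hash(image: bytes) -> int:
    """SHA-256 of the kernel image as an integer (the '10110011' on the slides)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign_image(image: bytes, private_key) -> bytes:
    """OEM side: signature = hash^d mod n, prepended to the unsigned image."""
    d, n = private_key
    signature = pow(image_hash(image), d, n)
    return signature.to_bytes(SIG_BYTES, "big") + image


def boot_rom_load(signed_image: bytes, public_key):
    """Boot ROM side: split off the signature, recover the signed hash with the
    public key, hash the image that is actually in memory and compare.
    Returns the image to execute, or None if it must be rejected."""
    e, n = public_key
    if len(signed_image) <= SIG_BYTES:
        return None  # no room for a signature plus an image
    signature = int.from_bytes(signed_image[:SIG_BYTES], "big")
    image = signed_image[SIG_BYTES:]
    if signature >= n:
        return None  # cannot be a signature under this modulus
    recovered = pow(signature, e, n)  # "decrypt" with the public key
    if recovered != image_hash(image):  # Match?
        return None
    return image


if __name__ == "__main__":
    KERNEL = b"vxWorks kernel image (constructed sample)" * 16  # constructed stand-in
    public_key, private_key = generate_keypair()
    signed = sign_image(KERNEL, private_key)
    print("genuine image loads:", boot_rom_load(signed, public_key) == KERNEL)
    # One flipped byte in the image body fails the hash comparison.
    tampered = signed[:SIG_BYTES] + bytes([signed[SIG_BYTES] ^ 1]) + signed[SIG_BYTES + 1:]
    print("tampered image loads:", boot_rom_load(tampered, public_key) is not None)
    # An image signed by someone other than OEM Inc. fails the public-key check.
    _, other_private = generate_keypair()
    print("other-vendor image loads:",
          boot_rom_load(sign_image(KERNEL, other_private), public_key) is not None)
```

The two rejection paths correspond to the two questions on the slides: a mismatching hash answers “is it untampered?”, and a signature that does not decrypt to the hash under the ROM’s public key answers “did it come from OEM Inc.?”. Note that the boot ROM never needs the private key, so a device that is reverse engineered reveals nothing that lets an attacker sign a new image.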
Run-Time Protection Strategy: Kernel Hardening
§ ISR/task stack overrun detection
§ Heap usage tracking and leakage detection
§ Persistent storage of error records
§ Code corruption detection
§ Null pointer usage detection
§ Heap block overrun detection
Run-Time Protection Strategy: User Space
§ User space RTPs are containers for
  – Code (text and data), stack, heap
  – Tasks owned by this RTP
  – Objects created by this RTP
§ They offer
  – Memory protection for
    • Text
    • Data
    • Stack
  – Kernel isolation
Run-Time Protection Strategy: Networking
§ Source code quality ‒ Coverity ‒ Unit test ‒ Diagnostics
§ Denial of service testing ‒ Nessus ‒ Satan
§ Protocol validation ‒ ANVL
§ Performance testing
§ Interoperability testing ‒ VPNC, IPv6 Forum Gold Logo host, router, IPsec ‒ OpenSSL FIPS 140-2 run-time module
§ Network robustness and cyber-attack testing ‒ Wurldtech Achilles certified
Run-Time Protection Strategy: Networking
Wurldtech conducts a variety of Ethernet-level, TCP/IP-level and Vnet/IP protocol-level cyber attacks.
Security Response Flow
Monitoring
§ Active monitoring of key lists for vulnerabilities applicable to supported products
Assessment/Prioritization
§ Assessment and prioritization of vulnerabilities and response, with an initial acknowledgement within one day of receipt (for external sources)
§ Prioritization at High, Medium, Low, or Not Susceptible
Notification
§ Proactive notifications for VxWorks vulnerabilities that do apply, at Online Support (OLS) and to the external party (if applicable)
§ Regular consolidated alerts for vulnerabilities that do not affect VxWorks, at OLS and to the external party (if applicable)
§ Certain public disclosure restrictions for some vulnerabilities (e.g., CERT)
Remediation
§ Posting and notification of patch; resolution on OLS and to the external party (if applicable)
[Flow diagram: reports from CERT, customers and external parties (security-alert@windriver.com) go to the VxWorks Security Response Team (SRT), which involves each relevant engineering group and customer support. If the issue does not affect VxWorks, a consolidated OLS notification is issued. If it is applicable to VxWorks, a defect is filed, a proactive OLS notification goes out, and a security patch and OLS notification follow.]
Then take a step back to look at the big picture.
Holistic Approach to Security
[Diagram: product life cycle ring: Design → Production → Deployment → Operation and Maintenance → Destruction/Disposal, set against the Vulnerability Landscape and framed by Customer Requirements and Wind River Domain Expertise]
Security in the Design Phase
§ Questions to Ask
  – What are your product security requirements?
  – Does your product have flaws that can be exploited?
  – What specifications are applicable to your end customer’s market segment?
  – What coding standards should you implement?
Security in the Production Phase
§ Questions to Ask
  – Has malicious code been injected during your production process?
  – Has your product been tested against known attacks?
  – Can your testing show robustness against unknown attacks?
  – Does your code contain security holes?
Security in the Deployment Phase
§ Questions to Ask
  – Did your code boot into a trusted state?
  – Is a newly loaded application authorized to operate on your system?
  – Is your product protected against reverse engineering?
  – Is the “right thing” loaded on your product?
Security in the Operation and Maintenance Phase
§ Questions to Ask
  – Did your software update operation inject malicious code?
  – Are your network transmissions authentic and protected from unauthorized disclosure?
  – Is the private information in your product safe and secure?
  – Are users authenticated and provided the correct authorization to access your systems?
Security in the Disposal Phase
§ Questions to Ask
  – Is your business-sensitive information properly disposed of?
  – Are your products remaining out of service after their end of life?
  – Are critical security parameters being unenrolled after expiration?
Security Tools Throughout Life Cycle
Security Built into Every Step of the Product Life Cycle
Design: Secure Design Life Cycle Training; Architectural Studies; Industry-Specific Regulations and Certifications
Production: Static Analysis Testing; Custom OS Configurations; Third-Party Integration; Wurldtech Achilles™ Certification
Deployment: Anti-tamper Design/Solution; Secure Boot and Run-Time Application Signing; Address Space Layout Randomization
Operation and Maintenance: Network Robustness/Fuzz Testing; Secure Upgrade Process; Secure Network Connectivity; Built-in Firewall Services
Destruction/Disposal: Zeroization Procedures; Sanitation Procedures; Remote Wipe Capabilities
Comprehensive Approach: Secure Embedded System
Partner Ecosystem
§ Third-party certification partners
§ Endpoint protection services
§ Development process and tools
§ Comprehensive hardware vendor support
Security Expertise and Analysis
§ Regulatory requirements
§ Threat assessments
§ Design services
§ White hat services
Development Process and Tools
§ Mentoring and best practices
§ Testing, test management, code analytics, monitoring, and simulation
Secure Run-Times
§ Hypervisor and security appliance platform
§ Android
§ Security policy virtualization/OS/stack capability
§ Security certification support